Added by the HESIVE.B TROJAN!

Added by the BOXED-H TROJAN!

Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number

BrowserAid/BrowserPal foistware

Added by the SEEKER.K TROJAN!

Registration reminder for @loha@home E-mail utility

Popup reminder to take the tour of your new Acer laptop

Part of Acronis Privacy Expert - anti-spyware and security suite

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

Speeds up the launch of Adobe (Acrobat) Reader 7

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

ISP software, initializes DSL modem

Part of Panda Antivirus . Is this an update reminder (guess because of the name), virus definition update reminder or something similar?

Loads ADSL modem Control Panel applet

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!

Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"

Audio control panel?

AUNPS adware

Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example

Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension

Added by a variant of the QOOLOGIC TROJAN!

Added by a variant of the QOOLOGIC TROJAN!

Added by the AGENT.PKZ TROJAN!

??

Birthday Reminder 5.0 - as the name implies

CommonName Toolbar spyware. To uninstall see here

Added by the VB-ZD TROJAN! Note - this file is located in the C:Windowshelp folder, and is not to be confused with the legitimate rundll32.exe file!

Displays battery status information on an IBM Thinkpad

BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings

BDplugin parasite

IBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc

Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup

Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window

Battery power management utility for Lenovo (IBM) ThinkPad laptops

BookedSpace parasite

Flingstone.com browser hijacker

Added by the BRONTOK-J or BRONTOK-L WORMS!

BookedSpace parasite

Display Client for the BuzMe Internet Call Waiting Service

BookedSpace parasite

BookedSpace parasite

For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs

Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change

Part of the closed caption decdoder/MS VBI codec. Should only run once

BookedSpace parasite

BookedSpace parasite

Added by the AEBOT.K WORM!

Added by the QQPASS-U TROJAN!

Switch adult content dialler

??

System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel

Registers the Control Panel applet for a C-Media PCI sound card

CnsMin (Chinese Keywords) hijacker related

Cognizance Corp Identity And Access Management suite

Added by an IRC TROJAN variant!

??

Added by the GAOBOT.YN WORM!

MatrixDialer related

CoolWebSearch Msconfd parasite variant

CoolWebSearch parasite variant

MatrixDialer related

MatrixDialer related

Razer Copperhead mouse driver

If you don't want to register Corel products and be reminded about it every 2 weeks disable it

If you don't want to register Corel products and be reminded about it every 2 weeks disable it

Added by the DLOADER-LO TROJAN!

CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS

Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the LEGMIR-AW TROJAN!

SinaUpdateCenter adware

Homepage hijacker

DeadAIM - feature enhancing product for AOL's Instant Messenger program

CoolWebSearch parasite variant

Added by the BOOKMARKER TROJAN!

MatrixDialer related

Appears to be related to older Creative Soundblaster soundcards

Added by the GRUEL WORM!

Added by the RBOT-PR WORM!

Unidentfied malware

Added by a variant of the SDBOT WORM!

Added by the LAZAR TROJAN!

DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Dell printer software - reports back on printer and cartridge useage

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Related to the Dell AIO A964 printer/scanner/copier which comes bundled with many Dell computers. Required for the Dell Ink Management System. If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:WINDOWSSystem32spooldriversW32x863DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here

Dell printer software - reports back on printer and cartridge useage

Dell printer software - reports back on printer and cartridge useage

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Dell printer software - reports back on printer and cartridge useage

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work

Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work

MatrixDialer related

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

KidsWatch Time Control parental control software

Hijacker - drvupd.inf file installs a "searchforge.com" hijack

Identified as a variant of the AdWare.Win32.ZenoSearch.am malware

Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem

EReg is a software registration tool incorporated on products such as those by Brøderbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it

Added by the LAZAR.B TROJAN!

CNNIC Update pest

Related to Windows Media Center from Microsoft

Added by the CAMPURF WORM!

Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice

Added by the RBOT.BQJ WORM!

AdultLinks.QBar parasite related

MatrixDialer related

Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)

Added by the CAY TROJAN!

Topconverting.com180Search "Games Toolbar" adware

Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name

Added by the GAOBOT.UJ or GAOBOT.UL WORMS!

Added by the GAOBOT.SY WORM!

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related

Detected by Kaspersky as the AGENT.AOU TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the BEAGLE.C WORM!

USB DSL modem related - [what does it do and is it required in startup?

Unidentified adware, spyware or virus

LZIO.com adware downloader

LZIO.com adware downloader

HP multifunction registration

Added by a variant of the ORCU.B TROJAN!

HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID

Added by the QQPASS-U TROJAN!

Added by the BANKER-EHG TROJAN!

HP multifunction registration

HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller

LZIO.com adware downloader

LZIO.com adware downloader

Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines

Topconverting.com180Search "IEMenuExtension" toolbar

LZIO.com adware downloader

LZIO.com adware downloader

IKL surveillance software. Uninstall this software unless you put it there yourself

CoolWebSearch parasite variant

Added by the VUNDO TROJAN!

Electronic_Group/InstantAccess premium rate adult content dialer variant

Electronic_Group/InstantAccess premium rate adult content dialer variant

Electronic_Group/InstantAccess premium rate adult content dialer variant

Electronic_Group/InstantAccess premium rate adult content dialer variant

Electronic_Group/InstantAccess premium rate adult content dialer variant

Electronic_Group/InstantAccess premium rate adult content dialer variant

From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner

Added by the FORTNIGHT.D TROJAN!

Added by the RBOT-AJG WORM!

Intel(r) Indeo(r) video 4.4 Decompression Filter related

Detected by Trend Micro as the DLOADER.UZO TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the BANKER-EHG TROJAN!

Added by the RBOT-DDJ WORM!

Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time

SafeguardProtect/Veevo hijacker

Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer

Added by the AGENT.AT TROJAN!

Added by the LIXY TROJAN!

CoolWebSearch Oemsyspnp parasite variant

Added by the QuickLinks/Forethought adware

PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online

Razer Krait mouse driver

DailyWinner adware

LZIO.com adware downloader

Razer Lachesis mouse driver

Added by the REPEATLD WORM!

Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs

Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine

LZIO.com adware downloader

Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program

Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program

Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway

Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the "inf" sub-folder

??

Added by the WOWCRAFT TROJAN!

Added by the LOOKED-CK WORM!

Mshtmpre adware

Added by the LEGMIR-AS TROJAN!

Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Windowsinf or Winntinf folder

Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings

Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"

Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll

Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line

Ulubione adult content dialer

Added by the KANGAROO-A WORM!

123Mania adware

RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone

Added by the MULTIDRP.BG TROJAN!

Added by the LINEAGE-BI TROJAN!

Lexmark printer software - reports back on printer and cartridge useage

Lexmark printer software - reports back on printer and cartridge useage

Lexmark printer software - reports back on printer and cartridge useage

Lexmark printer software - reports back on printer and cartridge useage

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Lexmark printer software - reports back on printer and cartridge useage

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Lexmark printing software - reports back on printer and cartridge useage

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Lexmark printer software - reports back on printer and cartridge useage

Lexmark printer software - reports back on printer and cartridge useage

Lexmark printer software - reports back on printer and cartridge useage

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Lexmark printer software - reports back on printer and cartridge useage

Added by a variant of the RBOT WORM!

Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs

Used with a USB based smartmedia card reader

Creative Filter AudioControlMB Module - related to the Creative Audigy line of sound cards. What does it do and is it required?

Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis

Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".

Added by the GRUEL WORM!

Added by the RELFEERWORM!

Added by the IRCBOT.BK WORM!

Added by the RBOT-GHO WORM!

Added by the RBOT-GGU WORM!

Added by the RBOT-GSJ WORM!

Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in a "dll" subfolder of the Winnt or Windows folder

Added by a variant of the RBOT WORM!

Added by the RBOT-GRG WORM!

Added by the RBOT-FSH WORM!

Added by a variant of the IRC.BOT TROJAN!

Detected by Trend Micro as the SHEUR.HC WORM! See here

Added by a variant of the IRCBOT.ARD WORM!

Added by the IRCBOT.ARD WORM!

Added by a variant of the IRCBOT TROJAN!

Added by the AGOBOT.AVS WORM!

Added by the POPO-A WORM! Note - this is NOT the Windows system file of the same name as described here

Added by a variant of the SDBOT WORM!

Added by a variant of the RBOT WORM!

Added by the RBOT.FC WORM!

Added by the RBOT.EP WORM!

Added by the RBOT-PS WORM!

Added by the RBOT-LL WORM!

Added by an unidentified WORM or TROJAN!

Added by the HABRACK WORM!

Added by a variant of the IRCBOT TROJAN!

Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour

Shows the Welcome Center every time you boot into Windows Vista

Added by the RBOT-AGF WORM!

Added by the RBOT-AFQ WORM!

Added by the RBOT-AFS WORM!

??

Added by the RBOT-ZY WORM!

??

Added by the FUNNER-A WORM!

Part of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"

Added by a variant of the LOVGATE WORM!

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA6